Basics: Setting Up Two Factor Authentication (2FA)
You might have heard talk of a new way to secure systems and that it involves something described as Two Factor or 2FA. What you need to know is that it’s an extra layer of protection on your accounts that can protect you from hackers. The idea is that while a hacker may have gotten your password (the first factor), they’ll need to get past a code that changes regularly and can only be viewed physically in front of you (the second factor – possession). There are many factors of authentication that are beyond the scope of this article, but adding factors for access greatly protects against account hacking. In this article I’ll go over some basic ways to setup or enable two factor authentication.
There are several ways to approach two-factor and some of them feature increasingly less options. One, for example, uses your phone number to text (SMS) you a code that you’d later use. Another form is to inject this code into an app or directly on to your phone (as Apple does). These approaches are fine and can be used if you’d like.
There is a more common and standardized way of handling two-factor that uses an identification key that is sometimes embedded in a QR code while using an application on your mobile device. I’ll go over the process of setting that up so you’re ready to turn on 2FA on your biggest accounts now!
Google Workspace / Gmail / Google Apps
Using Google’s services with 2FA is similar across the company’s products. In some cases, however, your administrator may need to turn on the ability to enable and use 2FA with your account. Follow these steps to set this up now:
- Download the Google Authenticator app (see below) for your mobile device.
- Open the “My Account” page on your Google account. In the interface this is currently found by clicking on the round avatar in the top-right and clicking on “Manage Your Google Account,” or clicking on this link.
- Look for “Security” along the left side and click on it.
- Below “Signing in to Google” look for 2-Step verification and click the right arrow.
- Get Started on the process and read the instructions carefully. Google Will default to a text message, but you may have other options under “Show more options.” In most cases, using your phone number to send a code is good.
Office 365 / Microsoft 365
This process will be similar to all “Work” accounts. Yes, Microsoft’s login system is a mess of “Home” accounts that can also be enabled for 2FA, but I want to stick this focus to those signed up for Office 365. Note, that Multi-Factor Authentication may need to be turned on for the users by the admin (source). Here are the steps:
- Open Microsoft’s 2FA setup process in a web browser (double-check sure it’s the right account) : https://aka.ms/MFASetup
- The first step will be to choose a method. Click “Mobile App” and “Use verification code.” There are other options, but this one uses the Microsoft Authenticator App. Click “Set Up.”
- You’ll then get a screen that presents a QR code and some other options. The QR code is what you need to setup the Microsoft Authenticator App on your phone. so, keep this screen open for now.
- In Microsoft Authenticator App simply scan the QR code on your screen (from the previous step). This will give you a code (such as 555 555) that you can use to complete the process in your web browser and enable two-factor.
Now, whenever needed, you will have to use your phone to prove it’s you. Be sure to always have your phone ready in case you need to supply a code, greatly protecting your account. Many services today offer variations on this idea including (1) no password, just an email link (2) using a physical key fob (3) a voice call or (4) some other mix or combination of the above. Always be sure to protect your accounts whenever possible. Don’t reuse passwords and enable as many authentication factors as you can.
- Google Authenticator Mobile App: [Apple App Store][Google Play]
- Microsoft Authenticator Mobile App: [Apple App Store][Google Play]
- 365 2FA Deployment Guide (Microsoft)